Cybercriminals are trying to get users to hand over credentials for their Gmail accounts. However, some of them are not trying too hard.
Deepanker Verma of Techlomedia reports identifying a Google phishing scam that starts with emails entitled “Sign In From Unauthorized Device.” The emails are poorly written and they don’t even come from a Google email address. Instead, they appear to originate from [email protected].
“Someone recently sign in to your Google Account – [recipient email address] Using An Unauthorised Application (Brutus V1.2),” the bogus emails read.
After providing some additional information regarding the unauthorized login, the emails continue, “Review your Google account settings [link] *Never Trust Sites That Asks For Your Logins. *Keep Your Password Updated Always. * Never Used Your Google Password On Any Site.”
Users who click on the link from the email are taken to a website that hosts a Gmail phishing page that appears to be designed for mobile devices.
At the time of writing, the phishing page was still live, so beware!